Our team is answering our frequently asked questions.
Currently, there is no official Auth0 solution for this issue. We recommend voting for this feature request in the community for a quick solution to a compromised system:
Bulk Deleting Users - Feature Request.
As a possible workaround, you can create a Post-Login Action to check the last_password_reset claim for Databases during a user login. If the user hasn’t updated their password since the incident, you can prompt them to reset their password and redirect them to the logout endpoint and an error page.
Please note that this is just an idea of an implementation, and you’ll need to customize the logic to suit your specific needs. One important consideration is avoiding rate limits, which can impact your solution. You can find more details about rate limits here: Auth0 Rate Limit Policy.
Hope this helps